A manufacturer of stalkerware faced consequences from the U.S. Federal Trade Commission after a security breach that exposed personal information of both customers and targets. The FTC has upheld the ban preventing the individual from selling such invasive software in the surveillance industry.
Scott Zuckerman, the founder of Support King, SpyFone, and OneClickMonitor, sought to have the ban rescinded but was denied by the FTC. This denial came after Zuckerman petitioned the federal agency to reconsider the order earlier this year.
In response to the 2021 ban, Zuckerman was prohibited from engaging in any surveillance-related activities, with the FTC mandating the deletion of all data collected by SpyFone. Additionally, Zuckerman was required to adhere to stringent cybersecurity measures and undergo regular audits.
The FTC’s decision was a result of a data exposure incident in 2018 when sensitive information was found unprotected in an Amazon S3 bucket linked to SpyFone. The breach included a plethora of private data like selfies, messages, recordings, and location details, impacting thousands of individuals.
Despite the ban, Zuckerman was suspected of operating another stalkerware company, as revealed by a data breach involving SpyTrac in 2022. This breach exposed connections between SpyTrac and Support King, indicating an attempt to circumvent the FTC’s restrictions.
Expert Eva Galperin commended the FTC’s actions, noting that Zuckerman’s actions implied a lack of regard for the ban’s implications. Stalkerware apps, used for covert surveillance, have been linked to numerous data breaches over the years, highlighting a concerning trend in privacy violations within the industry.
The prevalence of security breaches in stalkerware companies underscores the importance of stringent regulations to protect user privacy and prevent unlawful surveillance practices. The FTC’s firm stance against individuals like Zuckerman sends a clear message regarding the consequences of disregarding consumer privacy and engaging in unethical surveillance activities.